Hello, I have the same question too (for Android 7 in my case). The documentation <https://source.android.com/security/bulletin/2019-01-01.html> says (e.g. for the Android Security Bulletin of January 2019):
Device manufacturers that include these updates should set the patch string > level to: > > - [ro.build.version.security_patch]:[2019-01-01] > - [ro.build.version.security_patch]:[2019-01-05] > > And indeed the versions of the AOSP are listed for each fix (e.g. 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9) which let think that those patches are available for these versions. However the older versions (namely Android 7.x.x) have been a long time without update: the last of Android 7 for the Pixel was something like 7.1.2_r28 back in 2017. It's not clear what the "Updated AOSP versions" <https://source.android.com/security/bulletin/2019-01-01.html#system> means here. So how is this supposed to work? Are we to manually cherry-pick the fixes back to our version, or are those fixes available in some other place? What is the standard way of including those updates without updating the whole system to the next major release of Android? A bit of clarification would be welcome here. Thanks, Jean-Marie. -- -- You received this message because you are subscribed to the "Android Building" mailing list. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-building?hl=en --- You received this message because you are subscribed to the Google Groups "Android Building" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
